Q: How do users tell just what, if anything, has been sandboxed?
[b]A:[/b] 1. When an object is sandboxed, it will appear under [b]My Pending Files[/b].
It also shows you what has been sandboxed under Defense+ → View Defense+ Events.
(For advanced users, only!) Open your registry, navigate to HKEY_LOCAL_MACHINE\SYSTEM\VritualRoot: there you can find all executables names you’ve seen in sandbox so far.
Tips for logs:
- click the Flags’ column top column title to get a better view;
- if you click on More…, you can navigate to View|Advance filter and check in the Sandboxed as checkbox to list sandboxed entries, only;
- don’t forget to multi-select dates on the bottom-left: use SHIFT button and select start/end dates to select interval of dates or click&hold CTRL button and click the needed dates.
Co-work: VanguardLH, panic, MetalShaun, Arkangyal. Edited by Mouse 08/2010